Yair Zaslavsky has uploaded a new change for review. Change subject: aaa: Introducing Directory and Authenticator proxies ......................................................................
aaa: Introducing Directory and Authenticator proxies Topic: AAA Change-Id: Ifd2bfbfe1bb7ace7a6e16d5117f20c476590eee1 Signed-off-by: Yair Zaslavsky <[email protected]> --- A backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticatorProxy.java A backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/DirectoryProxy.java 2 files changed, 306 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/67/26567/1 diff --git a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticatorProxy.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticatorProxy.java new file mode 100644 index 0000000..6536923 --- /dev/null +++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticatorProxy.java @@ -0,0 +1,69 @@ +package org.ovirt.engine.core.aaa; + +import java.util.Properties; + +import org.ovirt.engine.api.extensions.Base; +import org.ovirt.engine.api.extensions.ExtMap; +import org.ovirt.engine.api.extensions.aaa.Authn; +import org.ovirt.engine.api.extensionsold.AAAExtensionException; +import org.ovirt.engine.core.extensions.mgr.ExtensionProxy; + +public class AuthenticatorProxy extends Authenticator { + + private ExtensionProxy extension; + + public AuthenticatorProxy(ExtensionProxy extension) { + this.extension = extension; + } + + @Override + @Deprecated + public void init() { + } + + @Override + @Deprecated + public void authenticate(String user, String password) { + ExtMap outputMap = extension.invoke(new ExtMap().mput( + Base.InvokeKeys.COMMAND, + Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS + ).mput( + Authn.InvokeKeys.USER, + user + ).mput( + Authn.InvokeKeys.CREDENTIALS, + password + ) + ); + if (outputMap.<Integer> get(Authn.InvokeKeys.RESULT) == Authn.AuthResult.CREDENTIALS_INVALID) { + throw new AAAExtensionException(AAAExtensionException.AAAExtensionError.INCORRECT_CREDENTIALS, ""); + } + } + + @Override + @Deprecated + public String getName() { + return (String) extension.getContext().<String> get(Base.ContextKeys.INSTANCE_NAME); + } + + @Override + @Deprecated + public String getProfileName() { + return (String) extension.getContext().<Properties> get(Base.ContextKeys.CONFIGURATION) + .getProperty("ovirt.engine.aaa.authn.profile.name"); + } + + @Override + @Deprecated + public boolean isNegotiationAuth() { + return extension.getContext().get(Authn.ContextKeys.CAPABILITIES).equals(Authn.Capabilities.AUTHENTICATE_NEGOTIATE); + } + + @Override + @Deprecated + public boolean isPasswordAuth() { + return extension.getContext().get(Authn.ContextKeys.CAPABILITIES).equals(Authn.Capabilities.AUTHENTICATE_PASSWORD); + } + +} + diff --git a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/DirectoryProxy.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/DirectoryProxy.java new file mode 100644 index 0000000..8b21145 --- /dev/null +++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/DirectoryProxy.java @@ -0,0 +1,237 @@ +package org.ovirt.engine.core.aaa; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + +import org.ovirt.engine.api.extensions.Base; +import org.ovirt.engine.api.extensions.ExtMap; +import org.ovirt.engine.api.extensions.ExtUUID; +import org.ovirt.engine.api.extensions.aaa.Authn; +import org.ovirt.engine.api.extensions.aaa.Authz; +import org.ovirt.engine.core.extensions.mgr.ExtensionProxy; + +public class DirectoryProxy extends Directory { + + private ExtensionProxy extension; + private Object queryOpaque; + + private static interface QueryResultHandler { + public void handle(List<ExtMap> queryResults); + + public ExtUUID getCommand(); + + public ExtMap getCommandParameters(); + } + + public DirectoryProxy(ExtensionProxy extension) { + this.extension = extension; + } + + @Deprecated + @Override + public void init() { + } + + @Deprecated + @Override + public DirectoryUser findUser(String name) { + return mapPrincipalRecord(extension.invoke(new ExtMap().mput( + Base.InvokeKeys.COMMAND, + Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD + ).mput( + Authn.InvokeKeys.AUTH_RECORD, + new ExtMap().mput( + Authn.AuthRecord.PRINCIPAL, + name + ) + )).<ExtMap> get(Authz.InvokeKeys.PRINCIPAL_RECORD)); + } + + @Deprecated + @Override + public DirectoryUser findUserById(String id) { + List<DirectoryUser> users = findUsers(Arrays.asList(id)); + if (users.isEmpty()) { + return null; + } + return users.get(0); + } + + @Deprecated + @Override + public List<DirectoryUser> findUsers(List<String> ids) { + return populateUsers( + Authz.InvokeCommands.QUERY_PRINCIPALS_BY_IDS_OPEN, + new ExtMap().mput( + Authz.InvokeKeys.PRINCIPAL_IDS, + ids + )); + } + + @Deprecated + @Override + public DirectoryGroup findGroup(String name) { + return null; + } + + @Deprecated + @Override + public DirectoryGroup findGroupById(String id) { + return null; + } + + @Deprecated + @Override + public List<DirectoryUser> queryUsers(String query) { + return populateUsers( + Authz.InvokeCommands.QUERY_PRINCIPALS_OPEN, + new ExtMap().mput( + Authz.InvokeKeys.QUERY, + new ExtMap().mput( + Authz.QueryRecord.LDAP_QUERY, + query + ) + ) + ); + } + + @Deprecated + @Override + public List<DirectoryGroup> queryGroups(String query) { + return populateGroups( + Authz.InvokeCommands.QUERY_GROUPS_OPEN, + new ExtMap().mput( + Authz.InvokeKeys.QUERY, + new ExtMap().mput( + Authz.QueryRecord.LDAP_QUERY, + query + ) + ) + ); + } + + @Deprecated + @Override + public String getName() { + return extension.getContext().<String> get(Base.ContextKeys.INSTANCE_NAME); + } + + private List<DirectoryUser> populateUsers(final ExtUUID command, final ExtMap extMap) { + final List<DirectoryUser> directoryUsers = new ArrayList<>(); + queryImpl(new QueryResultHandler() { + @Override + public void handle(List<ExtMap> queryResults) { + for (ExtMap result : queryResults) { + directoryUsers.add(mapPrincipalRecord(result)); + } + } + + @Override + public ExtUUID getCommand() { + return command; + } + + @Override + public ExtMap getCommandParameters() { + return extMap; + } + }); + return directoryUsers; + } + + + private List<DirectoryGroup> populateGroups(final ExtUUID command, final ExtMap extMap) { + final List<DirectoryGroup> directoryGroups = new ArrayList<>(); + queryImpl(new QueryResultHandler() { + @Override + public void handle(List<ExtMap> queryResults) { + for (ExtMap result: queryResults) { + directoryGroups.add(mapGroupRecord(result)); + } + } + + @Override + public ExtUUID getCommand() { + return command; + } + + @Override + public ExtMap getCommandParameters() { + return extMap; + } + + }); + return directoryGroups; + } + + private void queryImpl(QueryResultHandler handler) { + try { + queryOpaque = extension.invoke( + new ExtMap().mput( + Base.InvokeKeys.COMMAND, + handler.getCommand() + ).mput( + handler.getCommandParameters() + ) + ).get(Authz.InvokeKeys.QUERY_OPAQUE); + while (true) { + List<ExtMap> result = extension.invoke(new ExtMap().mput( + Base.InvokeKeys.COMMAND, + Authz.InvokeCommands.QUERY_EXECUTE + ).mput( + Authz.InvokeKeys.QUERY_OPAQUE, + queryOpaque) + ).get(Authz.InvokeKeys.QUERY_RESULT); + if (result == null) { + break; + } + handler.handle(result); + } + } finally { + extension.invoke(new ExtMap().mput( + Base.InvokeKeys.COMMAND, + Authz.InvokeCommands.QUERY_CLOSE + ).mput( + Authz.InvokeKeys.QUERY_OPAQUE, + queryOpaque) + ); + } + } + + private DirectoryUser mapPrincipalRecord(ExtMap principalRecord) { + DirectoryUser directoryUser = null; + if (principalRecord != null) { + directoryUser = new DirectoryUser( + extension.getContext().<String> get(Base.ContextKeys.INSTANCE_NAME), + principalRecord.<String> get(Authz.PrincipalRecord.ID), + principalRecord.<String> get(Authz.PrincipalRecord.NAME) + ); + directoryUser.setDepartment(principalRecord.<String> get(Authz.PrincipalRecord.DEPARTMENT)); + directoryUser.setFirstName(principalRecord.<String> get(Authz.PrincipalRecord.FIRST_NAME)); + directoryUser.setLastName(principalRecord.<String> get(Authz.PrincipalRecord.LAST_NAME)); + directoryUser.setEmail(principalRecord.<String> get(Authz.PrincipalRecord.EMAIL)); + directoryUser.setTitle(principalRecord.<String> get(Authz.PrincipalRecord.TITLE)); + List<DirectoryGroup> directoryGroups = new ArrayList<DirectoryGroup>(); + List<ExtMap> groups = principalRecord.<List<ExtMap>> get(Authz.PrincipalRecord.GROUPS); + if (groups != null) { + for (ExtMap group : groups) { + directoryGroups.add(mapGroupRecord(group)); + } + } + } + return directoryUser; + } + + private DirectoryGroup mapGroupRecord(ExtMap group) { + DirectoryGroup directoryGroup = null; + if (group != null) { + directoryGroup = new DirectoryGroup( + extension.getContext().<String> get(Base.ContextKeys.INSTANCE_NAME), + group.<String> get(Authz.GroupRecord.NAME), + group.<String> get(Authz.GroupRecord.ID) + ); + } + return directoryGroup; + } +} -- To view, visit http://gerrit.ovirt.org/26567 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ifd2bfbfe1bb7ace7a6e16d5117f20c476590eee1 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
